CVE-2024-21981

Improper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access who has gained arbitrary code
execution privilege in ASPto
extract ASP cryptographic keys, potentially resulting in loss of
confidentiality and integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
AMDCNA
5.7 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html